diff --git a/vicuna-tools.d/go.mod b/vicuna-tools.d/go.mod
new file mode 100644
index 0000000..122c3e1
--- /dev/null
+++ b/vicuna-tools.d/go.mod
@@ -0,0 +1,3 @@
+module gogs.inhome.blapointe.com/ai.d/vicuna-tools.d
+
+go 1.19
diff --git a/vicuna-tools.d/main.go b/vicuna-tools.d/main.go
index f26c2bf..cd6599d 100644
--- a/vicuna-tools.d/main.go
+++ b/vicuna-tools.d/main.go
@@ -2,6 +2,9 @@ package main
 
 import (
 	"context"
+	_ "embed"
+	"encoding/json"
+	"errors"
 	"flag"
 	"fmt"
 	"log"
@@ -12,10 +15,19 @@ import (
 	"syscall"
 )
 
-var Config struct {
-	Port     int
-	SessionD string
-}
+var (
+	Config struct {
+		Port      int
+		SessionD  string
+		Debug     bool
+		Semaphore sync.Mutex
+	}
+
+	//go:embed template.d/login.html
+	htmlLogin []byte
+	//go:embed template.d/index.html
+	htmlIndex []byte
+)
 
 func main() {
 	ctx, can := signal.NotifyContext(context.Background(), syscall.SIGINT)
@@ -62,6 +74,7 @@ func config(ctx context.Context) {
 
 	flag.IntVar(&Config.Port, "p", 37070, "port to listen on")
 	flag.StringVar(&Config.SessionD, "d", d, "dir to store sessions")
+	flag.BoolVar(&Config.Debug, "debug", false, "debug mode")
 	flag.Parse()
 }
 
@@ -85,4 +98,54 @@ func listenAndServe(ctx context.Context) {
 }
 
 func handle(w http.ResponseWriter, r *http.Request) {
+	if err := _handle(w, r); err != nil {
+		u, _, _ := r.BasicAuth()
+		log.Printf("%s: %s: %v", u, r.URL.Path, err)
+	}
+}
+
+func _handle(w http.ResponseWriter, r *http.Request) error {
+	u, p, ok := r.BasicAuth()
+	if !ok {
+		w.Header().Set("WWW-Authenticate", "Basic")
+		w.WriteHeader(http.StatusUnauthorized)
+		return errors.New("no auth")
+	}
+	_, _ = u, p
+
+	Config.Semaphore.Lock()
+	defer Config.Semaphore.Unlock()
+
+	return errors.New("not impl")
+}
+
+type Cookie struct {
+	Name string
+}
+
+func ParseCookie(r *http.Request) (Cookie, error) {
+	cookie, err := r.Cookie("root")
+	if err != nil {
+		return Cookie{}, err
+	}
+
+	var result Cookie
+	if err := json.Unmarshal([]byte(cookie.Value), &result); err != nil {
+		return Cookie{}, err
+	}
+
+	if result.Name == "" {
+		return Cookie{}, errors.New("incomplete cookie")
+	}
+
+	return result, nil
+}
+
+func (cookie Cookie) Serialize(w http.ResponseWriter) {
+	b, _ := json.Marshal(cookie)
+	c := &http.Cookie{
+		Name:  "root",
+		Value: string(b),
+	}
+	http.SetCookie(w, c)
 }
diff --git a/vicuna-tools.d/template.d/index.html b/vicuna-tools.d/template.d/index.html
new file mode 100644
index 0000000..2df8eae
--- /dev/null
+++ b/vicuna-tools.d/template.d/index.html
@@ -0,0 +1,8 @@
+<html>
+  <header>
+  </header>
+  <body>
+  </body>
+  <footer>
+  </footer>
+</html>
diff --git a/vicuna-tools.d/template.d/login.html b/vicuna-tools.d/template.d/login.html
new file mode 100644
index 0000000..2df8eae
--- /dev/null
+++ b/vicuna-tools.d/template.d/login.html
@@ -0,0 +1,8 @@
+<html>
+  <header>
+  </header>
+  <body>
+  </body>
+  <footer>
+  </footer>
+</html>